Page MenuHomeFreeBSD

mitigations.7: mention supervisor mode memory access protections
ClosedPublic

Authored by emaste on May 31 2024, 2:15 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Jul 4, 3:53 AM
Unknown Object (File)
Thu, Jul 4, 1:06 AM
Unknown Object (File)
Thu, Jul 4, 12:57 AM
Unknown Object (File)
Thu, Jul 4, 12:45 AM
Unknown Object (File)
Thu, Jul 4, 12:36 AM
Unknown Object (File)
Thu, Jul 4, 12:33 AM
Unknown Object (File)
Tue, Jul 2, 6:35 PM
Unknown Object (File)
Tue, Jul 2, 6:25 PM
Subscribers

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

emaste created this revision.
This revision is now accepted and ready to land.May 31 2024, 2:20 PM
olce added inline comments.
share/man/man7/mitigations.7
249
share/man/man7/mitigations.7
239

small addition staged in my tree

emaste added a reviewer: kib.

Describe the two different features in more detail

This revision now requires review to proceed.May 31 2024, 2:50 PM

It is also worth mentioning that SMAP/PAN provide very effective NULL pointer dereference protection in kernel, and make mapping a page at address zero safe.

share/man/man7/mitigations.7
239

'not owned by the kernel' is a weird formulation, I even have to stop digesting it. The right way to express it is probably 'pages accessible to userspace/non-privileged code'.

andrew added inline comments.
share/man/man7/mitigations.7
248

I think PAN only prevents read/write as it's just for data accesses.

This revision is now accepted and ready to land.May 31 2024, 3:20 PM